fix: separate deposit cap tracking from contract balance changes

contracts/PointTokenVault.sol

@@ -32,8 +32,8 @@ contract PointTokenVault is UUPSUpgradeable, AccessControlUpgradeable, Multicall
     // Merkle root distribution.
     bytes32 public currRoot;
     bytes32 public prevRoot;
-    mapping(address => mapping(bytes32 => uint256)) public claimedPTokens; // user => pointsId => claimed
-    mapping(address => mapping(bytes32 => uint256)) public claimedRedemptionRights; // user => pointsId => claimed
+    mapping(address => mapping(bytes32 => uint256)) public claimedPTokens; // user => pointsId => PTokens claimed
+    mapping(address => mapping(bytes32 => uint256)) public claimedRedemptionRights; // user => pointsId => Rewards redeemed
 
     mapping(bytes32 => PToken) public pTokens; // pointsId => pTokens
 
@@ -43,6 +43,8 @@ contract PointTokenVault is UUPSUpgradeable, AccessControlUpgradeable, Multicall
 
     mapping(address => mapping(address => bool)) public trustedClaimers; // owner => delegate => trustedClaimers
 
+    mapping(address => uint256) public totalDeposited; // token => total deposited amount
+
     // Fees
     uint256 public mintFee;
     uint256 public redemptionFee;
@@ -115,20 +117,22 @@ contract PointTokenVault is UUPSUpgradeable, AccessControlUpgradeable, Multicall
         uint256 cap = caps[address(_token)];
 
         if (cap != type(uint256).max) {
-            if (_amount + _token.balanceOf(address(this)) > cap) {
+            if (totalDeposited[address(_token)] + _amount > cap) {
                 revert DepositExceedsCap();
             }
         }
 
         _token.safeTransferFrom(msg.sender, address(this), _amount);
 
         balances[_receiver][_token] += _amount;
+        totalDeposited[address(_token)] += _amount;
 
         emit Deposit(msg.sender, _receiver, address(_token), _amount);
     }
 
     function withdraw(ERC20 _token, uint256 _amount, address _receiver) public {
         balances[msg.sender][_token] -= _amount;
+        totalDeposited[address(_token)] -= _amount;
 
         _token.safeTransfer(_receiver, _amount);
 

contracts/test/PointTokenVault.t.sol

@@ -150,6 +150,47 @@ contract PointTokenVaultTest is Test {
         assertEq(pointTokenVault.balances(vitalik, newMockToken), 2e18); // Total 2 tokens deposited
     }
 
+    function test_DepositCapRewardSameAsDeposit() public {
+        // Set up an 18 decimal token as both deposit and reward token
+        MockERC20 token = new MockERC20("Example Token", "EX", 18);
+
+        vm.startPrank(operator);
+        // Set deposit cap for token to 5000
+        pointTokenVault.setCap(address(token), 5000e18);
+
+        // Set token as reward token with 1:1 ratio
+        pointTokenVault.setRedemption(eigenPointsId, token, 1e18, false);
+        vm.stopPrank();
+
+        // Mint tokens to users
+        token.mint(vitalik, 5000e18);
+        token.mint(toly, 2000e18);
+
+        // Vitalik deposits 4000 tokens
+        vm.startPrank(vitalik);
+        token.approve(address(pointTokenVault), 4000e18);
+        pointTokenVault.deposit(token, 4000e18, vitalik);
+        vm.stopPrank();
+
+        // Toly converts 2000 tokens to pTokens
+        vm.startPrank(toly);
+        token.approve(address(pointTokenVault), 2000e18);
+        pointTokenVault.convertRewardsToPTokens(toly, eigenPointsId, 2000e18);
+        vm.stopPrank();
+
+        // Assert current token balance in vault
+        assertEq(token.balanceOf(address(pointTokenVault)), 6000e18);
+
+        // Try to deposit 1000 tokens, which should succeed
+        vm.startPrank(vitalik);
+        token.approve(address(pointTokenVault), 1000e18);
+        pointTokenVault.deposit(token, 1000e18, vitalik);
+        vm.stopPrank();
+
+        // Assert that 5000 tokens have been deposited
+        assertEq(pointTokenVault.balances(vitalik, token), 5000e18);
+    }
+
     function test_DeployPToken() public {
         // Can't deploy the same token twice
         vm.expectRevert(PointTokenVault.PTokenAlreadyDeployed.selector);